workflows-work
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard shell commands for version control management, including
git branch,git checkout,git pull, andgit push. It also triggers project-specific testing frameworks (e.g.,npm test,pytest,go test) and the GitHub CLI (gh pr create) to automate the shipping process. - [EXTERNAL_DOWNLOADS]: The workflow incorporates the
imgupskill to upload UI screenshots to public image hosting services such as Pixhost or Catbox. This is used for providing visual context in pull requests and is a standard feature for documentation. - [PROMPT_INJECTION]: The skill ingests data from a user-specified plan or specification file. While this represents a surface for indirect prompt injection, the risk is mitigated by explicit instructions to clarify ambiguous requirements and obtain user approval before proceeding with any implementation tasks.
- [NO_CODE]: The skill primarily consists of high-level natural language instructions and shell script snippets for environment setup and version control, rather than complex binary executables or obfuscated scripts.
Audit Metadata